Does this program just restart explorer or does it actually remove it without killing the shell 48 times a day lol.
I've deleted this key-picture from the watermark from twinui.dll. Now, only the text appears. I don't know how to disable this text.
The "Activate Windows" text is located in String Table at folder 1522 in shell32.dll.mui. The image can be removed from twinui.dll. I don't know where the text "Go to PC settings to activate Windows" is located.
my Enterprise x64 doesn't have that string resource folder number, only has a couple of 1000 rage items actually, you sure that's the right information? or U using Pro and it's changed? -EDIT- Nevermind, I opened the mui in Resource Hacker instead of that other one I killed the bmp's in twinui.dll and it's got that folder. -Edit- Found it at 24341 in the Res Edit tool. as shown in Resource Hacker
I am using Windows 8 RTM Enterprise x64 and I had installed the Romanian Multilingual User Interface Pack (I think this is relevant). I'll post a screenshot soon, keep refreshing the page. Image link: imageshack.us/photo/my-images/825/shot1r.png/
I used Hexprobe to search for "Activate Windows" there are heaps of them Then I searched for "Go to se" and it found nothing... I tried "47 00 6F 00 20 00 74 00 6F 00 20 00 73 00 65" which is the same in hex/unicode and it still found nothing I tried the same in regedit and came up empty... Not sure where the text lives yet, well I'll just try the twinui.dll Key bitmap fix, better than nothing for now -EDIT- It occured to me that they might use the universal "Settings" string and separate the "Go to"... will look tomorrow I guess.
Hello, woot332, can you be more explicit? What to patch and how? Do I need to use Resource Hacker or what tool? Please answer fast, I'm gonna do it 'till night. I hate watching movies with this watermark. Thanks for your info anyway, Vali.
woot332, if you do that nothing can use it, including any MS tools that might try to use it for Stuff, like Subtitles, Status and Loading Screens and things like that... I am not a hacker, the most basic job I did is change je to jmp and nop out text. I wouldn't know how to disable a API in a dll either Guess I'll have to learn tho... or wait till someone with more experience comes along and has a kind heart.
there is "RoGetActivationFactory" string at 4f751c address in twinui.dll in system32 if that could be patched somehow to point to something empty
Yeah that seems like a better candidate, if we disassembler and add a exit command (very rusty on my asm, don't know what to use), then it may skip the call to the DrawTextExW from the RoGetActivationFactory, or we can trace the call to it... might have to dust off ollydb and IDM Disassembler to figure this out... someone smarter really should be doing this tho, would take me days to figure it out and I'd probably not use that skill again for another 4 years
I wanted to start off small by trying that. Found it, killed it, but the key is still there. How can that be? Enterprise.